Windows XP Service Pack 2: An Update from Desktop Computing Services Desktop Computing Services is continuing to test SP2 against our major enterprise and departmental applications. The enterprise Active Directory is being leveraged through the use of Group Policies to test and deploy customized settings for the various components of the service pack, including the firewall. Below is an assessment of our compatibility findings thus far: Problems not related to the firewall: - Symantec Antivirus: The SAV client does not properly integrate with the new Security Center feature. A compatibility patch for version 9.0 of SAV is available through Symantec’s web site. Patches for prior versions will be made available in December ’04 through January ’05.
- PopUp Blocker: Some web-based departmental applications require a custom configuration of the PopUp Blocker to allow the applications to properly function.
- Microsoft Systems Management Server: Several conditions may exist which will prevent clients or administrators with SP2 from being capable of using SMS. We recommend that you refer to Microsoft’s knowledgebase for detailed information.
Problems related to the firewall: - EPR: This application is compatible with the SP2 however it does require a custom configuration of the firewall if it is enabled. Documentation is being developed to detail the required changes and will be distributed as soon as it is available.
- VPN: A patch from Microsoft has been released to correct problems some users encountered with various VPN products and SP2. Please reference knowledgebase article #884020 on Microsoft’s web site.
- Groupwise eMail Clients: Some of the features of the Groupwise eMail client are disabled by using the firewall included in SP2. Please refer to Novell’s web site and the technical information document (TID) #10094089 for additional information.
Microsoft has also documented in knowledgebase article #884130 commercial off the shelf applications they have encountered that experience some loss of functionality after SP2 is installed. We are expecting to deploy SP2 without the firewall enabled in our areas of responsibility within the next couple of weeks. A second testing phase following the initial deployment will be conducted with the firewall enabled. We will continue to provide updated information and where appropriate documentation regarding our findings and solutions. Please reference http://nts.jhu.edu/desktop/, or contact DCS directly at 410-614-1544 for additional information.
September 9, 2004 Position Statement for Service Pack 2 for Windows XP Desktop Computing Services, IT@Hopkins The recent release of Service Pack 2 (SP2) for Windows XP provides extensive new features and capabilities to the operating system (OS). It represents a significant upgrade to the OS in terms of systems management and security enhancements. Along with the addition of these capabilities and features, specifically with respect to the security enhancements, comes a significant amount of complexity. Applying effective security measures on our computer systems for protecting our data often involves the balancing act of usability versus security. As a consequence of the extensive new security enhancements, SP2 has the capability to negatively impact usability by rendering some widely used Johns Hopkins applications unusable – without a specially configured distribution of the updates. Desktop Computing Services has conducted a testing program since Release Candidate (RC) 1 and through the release of RC2 for SP2. This effort began in May, 2004. Although not all of the features and functions of the service pack were available or implemented in their final form in these early versions, we documented several improvements and several problems that result from the installation of SP2. Building upon our work in pre-release testing of SP2, we continue to test aggressively SP2 since its official release in early August. To date, our experience with the early versions mirrors for the most part our experience with the final release. - Difficulty with some of the new wireless networking features.
- New and extensive capabilities provided in and the complexities from using the Internet Firewall features included in SP2.
- Some of the enhancements to the internet browser user interface required the computer user to acclimate themselves to the new features.
- Compatibility problems or special configuration settings for SP2 are required with specific applications currently in use by our IT support, clinical and educational staff. The affected applications include but are not limited to:
- Microsoft’s Systems Management Server
- ORMIS
- HIP
- Keane
- Symantec Antivirus Client
Other widely distributed applications such as the VPN client, POE, ISIS, and the Pathways Materials Management application are still being tested against SP2. Working with the application support teams, vendors and the development staffs will ensure a full test of the functionality and performance of these and other departmental applications with Windows XP SP2. Desktop Computing Services will not widely distribute SP2 until all of our supported applications are tested, and solutions found and documented for any of the problems we discover. About 200 workstations receive the Service Pack during the last week of August. This will test our distribution and configuration methods across a representative sample of systems running a variety of applications. Our current plans are directed towards a phased deployment starting within 6 weeks where the initial distribution of the service pack would not include all of the features provided in SP2, such as the firewall. Once this process is completed, detailed information about the required configuration changes will be provided through the ICSC. On August 25th, Microsoft made SP2 available to all Windows XP users through the automated patching service currently available and within the Windows XP OS known as Automatic Updates, as well as through their web site for obtaining OS updates manually, WindowsUpdate.com. It is our expectation that a significant percentage of our Windows XP users will obtain the update through one of these means and they will experience problems using some web sites and applications as a result, however currently Microsoft is only permitting a limited amount of downloads at this time. It is our strong recommendation that all of our computer users with the Windows XP OS installed contact their LAN Administrators or IT support personnel prior to installing this update. Technical information is available to any LAN Support group or others with a stake in user and application support by contacting the Desktop Computing Services group at 410-614-1544. In addition, the Desktop Management Working Group, which meets every week to manage these issues on behalf of DCS, will focus on SP2 deployment and configuration issues for the duration of the effort. | 
